SPIKE and BURP for real world computer security usage (Part 2)

by Don Parker

In part one of this series on usage of HTTP proxies we covered some relevant background material like why they are useful, and the need to have a packet sniffer running. What we shall now do in this part is actually use an HTTP proxy. Read on to find out more on how you can use this very useful tool.Right then! We have covered the relevant background material in part one, and it is now time to get web app hacking. A quick word on my lab setup first that is used here. I have an Apache web server with a scaled down version of my website on it, and no special hardening done to Apache. There is also the SPIKE HTTP proxy running on Windows XP, and these are all running within VMware. With that said I fire up SPIKE itself by navigating to its directory and inputting the “runme.bat” batch file. Once that is done I now enter the IP address of the Apache web server in the URL bar and up the site comes as seen below.